High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bloofox -- bloofoxcms | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). | 2021-06-16 | | CVE-2020-35760 MISC
google -- android | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-8.1 Android-9 Android-10. Android ID: A-177611958 | 2021-06-11 | 10 | CVE-2021-0474 MISC
google -- android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464866 | 2021-06-11 | 7.2 |
google -- android | In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461321 | 2021-06-11 | | CVE-2021-0498 MISC
google -- android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461320 | 2021-06-11 | | CVE-2021-0497 MISC
google -- android | In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183467912 | 2021-06-11 | | CVE-2021-0496 MISC
google -- android | In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459083 | 2021-06-11 | |
google -- android | In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461318 | 2021-06-11 | | CVE-2021-0494 MISC
google -- android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461317 | 2021-06-11 | | CVE-2021-0493 MISC
google -- android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183459078 | 2021-06-11 | | CVE-2021-0492 MISC
google -- android | In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183461315 | 2021-06-11 | | CVE-2021-0491 MISC
google -- android | In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-183464868 | 2021-06-11 | | CVE-2021-0490 MISC
google -- android | In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174046397 | | | CVE-2021-0487 MISC
google -- android | In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-172939189 | | | CVE-2021-0481 MISC
google -- android | In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302616 | | | CVE-2021-0485 MISC
google -- android | In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-178189250 | 2021-06-11 | | CVE-2021-0477 MISC
google -- android | An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | | CVE-2021-25387 MISC
google -- android | An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | | | CVE-2021-25386 MISC
google -- android | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | | | CVE-2021-25385 MISC
google -- android | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | | | CVE-2021-25384 MISC
google -- android | An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | 2021-06-11 | | CVE-2021-25383 MISC
google -- android | In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-175686168 | 2021-06-11 | 8.3 | CVE-2021-0475 MISC
google -- android | In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-179687208 | | 8.3 | CVE-2021-0473 MISC
google -- android | An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. | | | CVE-2021-25412 MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bestwebsoft -- visitors_online | The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. | | 4.3 | CVE-2021-24350 CONFIRM
bloofox -- bloofoxcms | bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. | 2021-06-16 | 4 | CVE-2020-35762 MISC
bloofox -- bloofoxcms | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | | 4.3 | CVE-2020-35759
google -- android | In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-169252501 | | 8.9 | CVE-2021-0476 MISC
google -- android | An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | 2021-06-11 | 4.6 | CVE-2021-25396 MISC
google -- android | In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-173791720 | 2021-06-11 | 6.9 | CVE-2021-0482 MISC
google -- android | In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154114734 | | 6 | CVE-2021-0466 MISC
google -- android | Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. | 2021-06-11 | 5 | CVE-2021-25417 MISC
google -- android | In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-9 Android-10. Android ID: A-176801033 | 2021-06-11 | 4.6 | CVE-2021-0472 MISC
google -- android | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. | 2021-06-11 | 4.6 | CVE-2021-25414 MISC
google -- android | A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. | 2021-06-11 | 4.6 | MISC
google -- android | A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. | 2021-06-11 | 4.6 | CVE-2021-25408 MISC
google -- android | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. | 2021-06-11 | 4.4 | CVE-2021-25394 MISC
google -- android | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. | 2021-06-11 | 4.4 | CVE-2021-25395 MISC
google -- android | In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-8.1 Android-9. Android ID: A-174493336 | | 4.3 | CVE-2021-0480 MISC
google -- chrome | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30551 MISC MISC
google -- chrome | Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | MISC
google -- chrome | Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30553 MISC MISC
google -- chrome | Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | MISC
google -- chrome | Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30548 MISC MISC
google -- chrome | Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2021-06-15 | 6.8 | CVE-2021-30547 MISC MISC
 | The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its sid shortcode parameter before using it in a SQL statement, allowing medium privilege users (contributor+) to perform Blind SQL Injection attacks | | 4 | CVE-2021-24360 CONFIRM
phpcms -- phpcms | Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. | | 8 | CVE-2020-22200 MISC
posimyth -- the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. | 2021-06-14 | 5 | CONFIRM
posimyth -- the_plus_addons_for_elementor | The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. | 2021-06-14 | 5.8 | CONFIRM
 | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. | 2021-06-11 | 5.8 |
samsung -- health | Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. | 2021-06-11 | 5 | CVE-2021-25425 MISC
samsung -- internet | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | 2021-06-11 | 4.4 | CVE-2021-25418 MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of user-supplied data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 | CVE-2021-22750 MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation, when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. | 2021-06-11 | 6.8 | CVE-2021-22751 MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a malicious WSP (Workspace) file is being parsed by IGSS Definition. | 2021-06-11 | 6.8 | CVE-2021-22752 MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a malicious WSP file is being parsed by IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 | MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 | MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to missing length check on user supplied data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 | CVE-2021-22761 MISC
schneider-electric -- interactive_graphical_scada_system | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition. | 2021-06-11 | 6.8 |
schneider-electric -- interactive_graphical_scada_system | A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition. | 2021-06-11 | 6.8 | CVE-2021-22759 MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bloofox -- bloofoxcms | bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. | | 3.5 | CVE-2020-35761
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32555 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32554 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32553 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. | 2021-06-12 | | CVE-2021-32552 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32551 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | | | CVE-2021-32550 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32549 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32548 MISC
canonical -- ubuntu_linux | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | | 2.1 | CVE-2021-32547 MISC
fooplugins -- foogallery | In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. | 2021-06-14 | 3.6 | CVE-2021-24357 CONFIRM
google -- android | Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | 2021-06-11 | 3.6 | MISC
google -- android | Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. | 2021-06-11 | 2.6 | CVE-2021-25389 MISC
google -- android | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | 2021-06-11 | | CVE-2021-25416 MISC
google -- android | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | 2021-06-11 | 2.1 | CVE-2021-25415 MISC
google -- android | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. | | 2.1 | CVE-2021-25413 MISC
google -- android | Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. | 2021-06-11 | | CVE-2021-25393 MISC MISC
google -- android | Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | 2021-06-11 | 3.6 | CVE-2021-25410 MISC
google -- android | In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886 | | 2.1 | CVE-2019-9475 MISC
google -- android | In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-173720767 | | 2.1 | CVE-2021-0484 MISC
google -- android | Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | 2021-06-11 | | CVE-2021-25391 MISC MISC
google -- android | Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. | 2021-06-11 | 2.1 | CVE-2021-25392 MISC MISC
google -- android | An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. | 2021-06-11 | 2.1 | CVE-2021-25397 MISC MISC
google -- android | Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | 2021-06-11 | | CVE-2021-25411 MISC
google -- android | Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | 2021-06-11 | | CVE-2021-25409 MISC
google -- android | Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | 2021-06-11 | | CVE-2021-25390 MISC MISC
samsung -- bixby_voice | Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. | | 2.1 | CVE-2021-25398 MISC
samsung -- galaxy_watch_3_plugin | Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | | 2.1 | CVE-2021-25421 MISC
samsung -- galaxy_watch_plugin | Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | | 2.1 | CVE-2021-25420 MISC
samsung -- gear_s | Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information. | 2021-06-11 | |
 | Improper log management vulnerability in Watch Active2 Plugin prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | | 2.1 | CVE-2021-25423 MISC
samsung -- watch_active_plugin | Improper log management vulnerability in Watch Active Plugin prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | | 2.1 | CVE-2021-25422 MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ubuntu -- ubuntu | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. | 2021-06-12 | not yet calculated | MISC
74cms -- 74cms | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. | 2021-06-16 | not yet calculated | CVE-2020-22211 MISC
74cms -- 74cms | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. | 2021-06-16 | not yet calculated | CVE-2020-22209 MISC
74cms -- 74cms | SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php. | 2021-06-16 | not yet calculated | CVE-2020-22212 MISC
74cms -- 74cms | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. | 2021-06-16 | not yet calculated | CVE-2020-22208 MISC
74cms -- 74cms | SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. | 2021-06-16 | not yet calculated | CVE-2020-22210 MISC
advantech -- webaccess/scada | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | 2021-06-18 | not yet calculated | CVE-2021-32956 MISC
advantech -- webaccess/scada | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | 2021-06-18 | not yet calculated | MISC
apache -- chainsaw | A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. | 2021-06-16 | not yet calculated | CVE-2020-9493 MISC MLIST MLIST
apache -- cxf | A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. | 2021-06-16 | not yet calculated | CVE-2021-30468

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e4de40 







6/21/2021 


Vulnerability Summary for the Week of June 14, 2021 

































































apache -- http_server | Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released. | 2021-06-15 | not yet calculated | CVE-2021-31618 MISC MISC MLIST MLIST MLIST FEDORA FEDORA
apache -- pdfbox | In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | 2021-06-12 | not yet calculated | CVE-2021-31812 MISC MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST
apache -- pdfbox | In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | 2021-06-12 | not yet calculated | MLIST MLIST MLIST MLIST MLIST MLIST
| Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one's server by overriding the ‘create’ data source method on the ‘People’ class. | 2021-06-16 | not yet calculated | MISC CONFIRM
| Bandai Namco FromSoftware Dark Souls III allows remote attackers to execute arbitrary code. | 2021-06-15 | not yet calculated | CVE-2021-34170 MISC
bosch -- multiple_products | A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | 2021-06-15 | not yet calculated | CVE-2021-24037 CONFIRM CONFIRM
bosch -- multiple_products | When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. | 2021-06-18 | not yet calculated |
bosch -- multiple_products | This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. | 2021-06-18 | not yet calculated | CVE-2021-23845 CONFIRM
captive_portal -- captive_portal | An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. | 2021-06-17 | not yet calculated | CVE-2020-19202 MISC
checksec -- canopy


CheckSec Canopy before 3.5.2 allows XSS attacks against the 
login page via the LOGIN_PAGE_DISCLAIMER parameter. 


2021-06-18 


not yet 
calculated 


CVE-2021-34815 
MISC 
MISC 
MISC 





cisco -- advanced_malware_protection


A vulnerability in the Cisco Advanced Malware Protection (AMP)
for Endpoints integration of Cisco AsyncOS for Cisco Email
Security Appliance (ESA) and Cisco Web Security Appliance 
(WSA) could allow an unauthenticated, remote attacker to 
intercept traffic between an affected device and the AMP servers. 
This vulnerability is due to improper certificate validation when an 
affected device establishes TLS connections. A man-in-the- 
middle attacker could exploit this vulnerability by sending a 
crafted TLS packet to an affected device. A successful exploit 
could allow the attacker to spoof a trusted host and then extract 
sensitive information or alter certain API requests. 


2021-06-16 


not yet 
calculated 


CVE-2021-1566 
CISCO 








cisco -- anyconnect_secure_mobility_client


A vulnerability in the DLL loading mechanism of Cisco
AnyConnect Secure Mobility Client for Windows could allow an
authenticated, local attacker to perform a DLL hijacking attack on 
an affected device if the VPN Posture (HostScan) Module is 
installed on the AnyConnect client. This vulnerability is due to a 
race condition in the signature verification process for DLL files 
that are loaded on an affected device. An attacker could exploit 
this vulnerability by sending a series of crafted interprocess 
communication (IPC) messages to the AnyConnect process. A 
successful exploit could allow the attacker to execute arbitrary 
code on the affected device with SYSTEM privileges. To exploit 
this vulnerability, the attacker must have valid credentials on the 
Windows system. 


2021-06-16 


not yet 
calculated 


CVE-2021-1567 
CISCO 








cisco -- anyconnect_secure_mobility_client


A vulnerability in Cisco AnyConnect Secure Mobility Client for 
Windows could allow an authenticated, local attacker to cause a 
denial of service (DoS) condition on an affected system. This 
vulnerability is due to uncontrolled memory allocation. An 
attacker could exploit this vulnerability by copying a crafted file to 
a specific folder on the system. A successful exploit could allow 
the attacker to crash the VPN Agent service when the affected 
application is launched, causing it to be unavailable to all users of 
the system. To exploit this vulnerability, the attacker must have 
valid credentials on a multiuser Windows system. 


2021-06-16 


not yet 
calculated 


CISCO 








cisco -- jabber 


Multiple vulnerabilities in Cisco Jabber for Windows, Cisco 
Jabber for Mac, and Cisco Jabber for mobile platforms could 
allow an attacker to access sensitive information or cause a 
denial of service (DoS) condition. For more information about 
these vulnerabilities, see the Details section of this advisory. 


2021-06-16 


not yet 
calculated 


CVE-2021-1570 
CISCO 








cisco -- jabber 


Multiple vulnerabilities in Cisco Jabber for Windows, Cisco 
Jabber for Mac, and Cisco Jabber for mobile platforms could 
allow an attacker to access sensitive information or cause a 
denial of service (DoS) condition. For more information about 
these vulnerabilities, see the Details section of this advisory. 


2021-06-16 


not yet 
calculated 


CVE-2021-1569 


CVE-2021-1568 
CISCO





cisco -- meeting_server 


A vulnerability in the API of Cisco Meeting Server could allow an
authenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device. This vulnerability exists because 
requests that are sent to the API are not properly validated. An 
attacker could exploit this vulnerability by sending a malicious 
request to the API. A successful exploit could allow the attacker 
to cause all participants on a call to be disconnected, resulting in 
a DoS condition. 


2021-06-16 


not yet 
calculated 


CVE-2021-1524 
CISCO 








cisco -- small_business_220_series_smart_


Multiple vulnerabilities in the web-based management interface of
Cisco Small Business 220 Series Smart Switches could allow an
attacker to do the following: Hijack a user session; Execute
arbitrary commands as a root user on the underlying operating
system; Conduct a cross-site scripting (XSS) attack; Conduct an
HTML injection attack. For more information about these
vulnerabilities, see the Details section of this advisory.


2021-06-16 


not yet 
calculated 


CVE-2021-1543 
CISCO 








cisco -- small_business_220_series_smart_


Multiple vulnerabilities in the web-based management interface of
Cisco Small Business 220 Series Smart Switches could allow an
attacker to do the following: Hijack a user session; Execute
arbitrary commands as a root user on the underlying operating
system; Conduct a cross-site scripting (XSS) attack; Conduct an
HTML injection attack. For more information about these
vulnerabilities, see the Details section of this advisory.










2021-06-16 








not yet 
calculated 


CVE-2021-1542 
CISCO 
cisco -- small_business_220_series_smart_


Multiple vulnerabilities in the web-based management interface of
Cisco Small Business 220 Series Smart Switches could allow an
attacker to do the following: Hijack a user session; Execute
arbitrary commands as a root user on the underlying operating
system; Conduct a cross-site scripting (XSS) attack; Conduct an
HTML injection attack. For more information about these
vulnerabilities, see the Details section of this advisory.


2021-06-16 


not yet 
calculated 


CVE-2021-1571 
CISCO 








cisco -- small_business_220_series_smart_


Multiple vulnerabilities in the web-based management interface of
Cisco Small Business 220 Series Smart Switches could allow an
attacker to do the following: Hijack a user session; Execute
arbitrary commands as a root user on the underlying operating
system; Conduct a cross-site scripting (XSS) attack; Conduct an
HTML injection attack. For more information about these
vulnerabilities, see the Details section of this advisory.


2021-06-16 


not yet 
calculated 


CVE-2021-1541 
CISCO 








cisco -- unified_intelligence_center 


A vulnerability in the web-based management interface of Cisco 
Unified Intelligence Center could allow an unauthenticated, 
remote attacker to conduct a cross-site scripting (XSS) attack 
against a user of the interface. This vulnerability exists because 
the web-based management interface does not properly validate 
user-supplied input. An attacker could exploit this vulnerability by 
persuading a user of the interface to click a crafted link. A 
successful exploit could allow the attacker to execute arbitrary 
script code in the context of the interface or access sensitive, 
browser-based information. 


2021-06-16 


not yet 
calculated 


CVE-2021-1395 
CISCO 








citrix -- adc_and_netscaler_gateway


Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 
12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, 
and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 
11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled 
resource consumption by way of a network-based denial-of- 
service from within the same Layer 2 network segment. Note that 
the attacker must be in the same Layer 2 network segment as the 
vulnerable appliance. 


2021-06-16 


not yet 
calculated 


MISC 








citrix -- adc_and_netscaler_gateway


Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 
12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1- 
55.238 suffer from improper access control allowing SAML 
authentication hijack through a phishing attack to steal a valid 
user session. Note that Citrix ADC or Citrix Gateway must be 
configured as a SAML SP or a SAML IdP for this to be possible. 


2021-06-16 


not yet 
calculated 


CVE-2020-8300 
MISC 








citrix -- cloud_connector 


Citrix Cloud Connector before 6.31.0.62192 suffers from insecure 
storage of sensitive information due to sensitive information being 
stored in the Citrix Cloud Connector installation log files. Such 
information could be used by a malicious actor to access a Citrix
Cloud environment. This issue affects all versions of Citrix Cloud 
Connector that were installed by passing secure client 
parameters for installation via the command line. The issue does 
not affect Citrix Cloud Connector if it was installed using the 
interactive installer or where a parameter file was used with the 
command-line installer. 


2021-06-16 


not yet 
calculated 


CVE-2021-22914 
MISC 


CVE-2020-8299 





civicrm -- civicrm 


In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before
5.24.3, users may be able to upload and execute a crafted PHAR
archive.


2021-06-17 


not yet 
calculated 





CVE-2020-36388 
MISC 








civicrm -- civicrm 


In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, 
the CKEditor configuration form allows CSRF. 


2021-06-17 


not yet 
calculated 


CVE-2020-36389 
MISC 








cleo -- lexicom 


An issue was discovered in Cleo LexiCom 5.5.0.0. The 
requirement for the sender of an AS2 message to identify 
themselves (via encryption and signing of the message) can be 
bypassed by changing the Content-Type of the message to 
text/plain. 


2021-06-18 


not yet 
calculated 


CVE-2021-33577 
MISC 
MISC 








cleo -- lexicom 


An issue was discovered in Cleo LexiCom 5.5.0.0. Within the
AS2 message, the sender can specify a filename. This filename
can include path-traversal characters, allowing the file to be 
written to an arbitrary location on disk. 


2021-06-18 


not yet 
calculated 


MISC 
MISC 








connectwise -- automate 


An issue was discovered in ConnectWise Automate before 
2021.5. A blind SQL injection vulnerability exists in core agent 
inventory communication that can enable an attacker to extract 
database information or administrative credentials from an 
instance via crafted monitor status responses. 


2021-06-17 


not yet 
calculated 


CVE-2021-32582 
MISC 
MISC 










contiki-ng -- contiki-ng 








Contiki-NG is an open-source, cross-platform operating system
for internet of things devices. A buffer overflow vulnerability exists
in Contiki-NG versions prior to 4.6. After establishing a TCP
socket using the tcp-socket library, it is possible for the remote
end to send a packet with a data offset that is unvalidated. The
problem has been patched in Contiki-NG 4.6. Users can apply
the patch for this vulnerability out-of-band as a workaround.


not yet
calculated 


CVE-2021-21281 
MISC 
CONFIRM 


contiki-ng -- contiki-ng


Contiki-NG is an open-source, cross-platform operating system
for internet of things devices. In versions prior to 4.5, buffer
overflow can be triggered by an input packet when using either of 
Contiki-NG's two RPL implementations in source-routing mode. 
The problem has been patched in Contiki-NG 4.5. Users can 
apply the patch for this vulnerability out-of-band as a workaround. 


2021-06-18 


not yet 
calculated 


CVE-2021-21282 








contiki-ng -- contiki-ng 


Contiki-NG is an open-source, cross-platform operating system 
for internet of things devices. It is possible to cause an out-of- 
bounds write in versions of Contiki-NG prior to 4.6 when 
transmitting a 6LoWPAN packet with a chain of extension
headers. Unfortunately, the written header is not checked to be 
within the available space, thereby making it possible to write 
outside the buffer. The problem has been patched in Contiki-NG 
4.6. Users can apply the patch for this vulnerability out-of-band 
as a workaround. 


2021-06-18 


not yet 
calculated 


CVE-2021-21280 








contiki-ng -- contiki-ng 


Contiki-NG is an open-source, cross-platform operating system 
for internet of things devices. In versions prior to 4.6, an attacker
can perform a denial-of-service attack by triggering an infinite 
loop in the processing of IPv6 neighbor solicitation (NS) 
messages. This type of attack can effectively shut down the 
operation of the system because of the cooperative scheduling 
used for the main parts of Contiki-NG and its communication 
stack. The problem has been patched in Contiki-NG 4.6. Users 
can apply the patch for this vulnerability out-of-band as a 
workaround. 


2021-06-18 


not yet 
calculated 


CVE-2021-21279 
CONFIRM 








contiki-ng -- contiki-ng 


Contiki-NG is an open-source, cross-platform operating system 
for internet of things devices. The RPL-Classic and RPL-Lite 
implementations in the Contiki-NG operating system versions 
prior to 4.6 do not validate the address pointer in the RPL source 
routing header. This makes it possible for an attacker to cause
out-of-bounds writes with packets injected into the network stack.
Specifically, the problem lies in the rpl_ext_header_srh_update
function in the two rpl-ext-header.c modules for RPL-Classic and 
RPL-Lite respectively. The addr_ptr variable is calculated using 
an unvalidated CMPR field value from the source routing header. 
An out-of-bounds write can be triggered on line 151 in 
os/net/routing/rpl-lite/rpl-ext-header.c and line 261 in 
os/net/routing/rpl-classic/rpl-ext-header.c, which contain the 
following memcpy call with addr_ptr as destination. The problem 
has been patched in Contiki-NG 4.6. Users can apply a patch 
out-of-band as a workaround. 


2021-06-18 


not yet 
calculated 


CVE-2021-21257 
MISC 
CONFIRM 








contiki-ng -- contiki-ng 


Contiki-NG is an open-source, cross-platform operating system 
for Next-Generation IoT devices. An out-of-bounds read can be
triggered by 6LoWPAN packets sent to devices running Contiki-NG
4.6 and prior. The IPv6 header decompression function
(uncompress_hdr_iphc) does not perform proper
boundary checks when reading from the packet buffer. Hence, it
is possible to construct a compressed 6LoWPAN packet that will
read more bytes than what is available from the packet buffer. As 
of time of publication, there is not a release with a patch 
available. Users can apply the patch for this vulnerability out-of- 
band as a workaround. 


2021-06-18 


not yet 
calculated 


CVE-2021-21410 
CONFIRM 
MISC 








curl -- curl 


curl 7.7 through 7.76.1 suffers from an information disclosure 
when the -t command line option, known as
CURLOPT_TELNETOPTIONS in libcurl, is used to send
variable=content pairs to TELNET servers. Due to a flaw in the 
option parser for sending NEW_ENV variables, libcurl could be 
made to pass on uninitialized data from a stack based buffer to 
the server, resulting in potentially revealing sensitive internal 
information to the server using a clear-text network protocol. 


2021-06-11 


not yet 
calculated 


CVE-2021-22898 
MISC 

MISC 

MISC 

MLIST 








d-link -- dir-2640-us 


D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. 
There are multiple out-of-bounds vulnerabilities in some 
processes of D-Link AC2600(DIR-2640). Local ordinary users 
can overwrite the global variables in the .bss section, causing the
process to crash or change.


2021-06-16 


not yet 
calculated 


CVE-2021-34201 
MISC 
MISC 
MISC 
MISC 








d-link -- dir-2640-us 











D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access 
Control. Router ac2600 (dir-2640-us), when setting PPPoE, will 
start quagga process in the way of whole network monitoring, 
and this function uses the original default password and port. An 
attacker can easily use telnet to log in, modify routing information, 
monitor the traffic of all devices under the router, hijack DNS and 
phishing attacks. In addition, this interface is likely to be 
questioned by customers as a backdoor, because the interface 
should not be exposed. 








2021-06-16 








not yet 
calculated 


CVE-2021-34203 
MISC 
MISC 
MISC 
MISC 
d-link -- dir-2640-us | There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remote code execution. | 2021-06-16 | not yet calculated | MISC MISC MISC MISC
d-link -- dir-2640-us | D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Credentials. D-Link AC2600(DIR-2640) stores the device system account password in plain text. It does not use linux user management. In addition, the passwords of all devices are the same, and they cannot be modified by normal users. An attacker can easily log in to the target router through the serial port and obtain root privileges. | 2021-06-16 | not yet calculated | CVE-2021-34204 MISC MISC MISC MISC
db2 -- db2 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. | 2021-06-16 | not yet calculated | CONFIRM
dedecms -- dedecms | SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | 2021-06-16 | not yet calculated | MISC MISC
dell -- poweredge | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 2021-06-14 | not yet calculated | CONFIRM
dell -- poweredge | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 2021-06-14 | not yet calculated | CVE-2021-21556 CONFIRM
dell -- poweredge | Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | 2021-06-14 | not yet calculated | CVE-2021-21554 CONFIRM
dell -- | Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System Management Mode. | | not yet calculated | CVE-2021-21557 CONFIRM
ecshop -- ecshop | SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php. | 2021-06-16 | not yet calculated | CVE-2020-22205 MISC
ecshop -- ecshop | SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_ck.php. | 2021-06-16 | not yet calculated | CVE-2020-22206 MISC
ecshop -- ecshop | SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. | 2021-06-16 | not yet calculated | CVE-2020-22204 MISC
eip -- stack_group_opener | An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. | 2021-06-17 | not yet calculated | CVE-2021-21777 MISC
elemin -- elemin | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. | 2021-06-17 | not yet calculated | CVE-2013-20002 MISC MISC MISC MISC
elfinder -- elfinder | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | 2021-06-14 | not yet calculated | CVE-2021-32682 MISC CONFIRM
enphase -- envoy | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. | 2021-06-16 | not yet calculated | MISC MISC
enphase -- envoy | An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | 2021-06-16 | not yet calculated | CVE-2020-25753 MISC MISC MISC
enphase -- envoy | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. The serial number can be retrieved by an unauthenticated user at /info.xml. These passwords can be easily calculated by an attacker; users are unable to change these passwords. | 2021-06-16 | not yet calculated | CVE-2020-25752 MISC MISC MISC
enphase -- envoy | An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | 2021-06-16 | not yet calculated | CVE-2020-25755 MISC MISC MISC
excellent_infotek_corporation -- e-document_system | An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/get_user_email_info_bbs.asp to obtain the contact information (name and e-mail address) of everyone in the entire organization. This information can allow remote attackers to perform social engineering or brute force attacks against the system login page. | 2021-06-16 | not yet calculated | CVE-2021-34683 MISC MISC
fiyo -- cms | In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | 2021-06-17 | not yet calculated | MISC
fogproject -- fogproject | FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). | 2021-06-16 | not yet calculated | MISC
foxit -- phantompdf | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA templates. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13531. | 2021-06-16 | not yet calculated | CVE-2021-31476 MISC MISC
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. | 2021-06-16 | not yet calculated | CVE-2021-31477 MISC
google -- android | In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-174490700 | 2021-06-14 | not yet calculated | CVE-2021-0467 MISC
google -- android | Product: Android Versions: Android SoC Android ID: A-175402462 | 2021-06-14 | not yet calculated | MISC
google -- chrome | Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | not yet calculated | CVE-2021-30546 MISC
google -- chrome | Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | not yet calculated | CVE-2021-30544 MISC MISC
google -- chrome | Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | not yet calculated | MISC
google -- chrome | Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2021-06-15 | not yet calculated | MISC
hashicorp -- nomad_and_nomad_enterprise | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | 2021-06-17 | not yet calculated | CVE-2021-32575 MISC MISC
helm -- helm | Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6.1, a vulnerability exists where the username and password credentials associated with a Helm repository could be passed on to another domain referenced by that Helm repository. This issue has been resolved in 3.6.1. There is a workaround through which one may check for improperly passed credentials. One may use a username and password for a Helm repository and may audit the Helm repository in order to check for another domain being used that could have received the credentials. In the 'index.yaml' file for that repository, one may look for another domain in the 'urls' list for the chart versions. If there is another domain found and that chart version was pulled or installed, the credentials would be passed on. | 2021-06-16 | not yet calculated |
hitachi -- abb_power_grids_ellipse | Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions. | 2021-06-14 | |
| Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. | 2021-06-14 | |


Improper Input Validation vulnerability in Hitachi ABB Power 
Grids Relion 670 Series, Relion 670/650 Series, Relion 
670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, 
FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker 
with access to the IEC 61850 network with knowledge of how to 
reproduce the attack, as well as the IP addresses of the different 
IEC 61850 access points (of IEDs/products), to force the device 
to reboot, which renders the device inoperable for approximately 
60 seconds. This vulnerability affects only products with IEC 
61850 interfaces. This issue affects: Hitachi ABB Power Grids 
Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 
versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 
2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 
670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB 2021-06-14 
Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 


CVE-2021-32690 
MISC 
CONFIRM 








not yet |CVE-2021-27887 
calculated ||CONFIRM 








hitachi -- abb_power_grids_esoms not yet |CVE-2021-26845 


calculated ||CONFIRM 








CVE-2021-27196 
CONFIRM 
CONFIRM 

not yet CONFIRM 
calculated ||CONFIRM 


hitachi -- multiple_ products 





















































2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 Sonar 

versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; CONFIRM 

7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series [pes ener 

7.x version 7.x and prior versions; 8.x version 8.x and prior 

versions; 9.x version 9.x and prior versions; 10.x version 10.x and 

prior versions; 11.x version 11.x and prior versions; 12.x version 

12.x and prior versions. Hitachi ABB Power Grids FOX615 

(TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB 

Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB 

Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. 

Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 

1.1 versions prior to 1.1.0.1. 

ibm -- aix | IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663. | 2021-06-17 | not yet calculated | CVE-2021-29706 XF CONFIRM

ibm -- financial_transaction_manager | IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192952. | 2021-06-15 | not yet calculated | CVE-2020-5000 XF CONFIRM

ibm -- resilient_soar | IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 199238. | 2021-06-16 | not yet calculated | CVE-2021-20566 CONFIRM XF

ibm -- resilient_soar | IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexisting encryption. IBM X-Force ID: 199239. | 2021-06-16 | not yet calculated | CVE-2021-20567 CONFIRM XF
ibm -- security_identity_manager | IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789. | 2021-06-16 | not yet calculated | CVE-2021-20488 XF CONFIRM

ibm -- security_identity_manager | IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591. | 2021-06-16 | not yet calculated | CVE-2021-20483 CONFIRM

insyde -- insydeh2o | An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode. | 2021-06-16 | not yet calculated | CVE-2020-27339 MISC MISC

intel -- brand_verification_tool | Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2021-06-17 | not yet calculated | CVE-2021-0143 MISC

jact -- openclinic | Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability. | 2021-06-16 | not yet calculated | CVE-2020-20444 CONFIRM

jdom -- saxbuilder | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. | 2021-06-16 | not yet calculated | MISC MISC MISC

jenkins -- generic_webhook_trigger_plugin | Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2021-06-18 | not yet calculated | CVE-2021-21669 CONFIRM MLIST

jenkins -- scriptler | Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 2021-06-16 | not yet calculated | CONFIRM MLIST

jenkins -- scriptler | Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | 2021-06-16 | not yet calculated | MLIST

jpress -- jpress | An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the storage XSS vulnerability can occur. | 2021-06-18 | not yet calculated | CVE-2021-33347 MISC MISC

kuaifancms -- kuaifancms | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtmlI.module.php file. | 2021-06-11 | not yet calculated | CVE-2021-3256 MISC

laiketui -- laiketui | LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadimg, oldpic, or imgurl parameter. | 2021-06-15 | not yet calculated | MISC

laiketui -- laiketui | arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname. | 2021-06-15 | not yet calculated | CVE-2021-34128 MISC

linux -- linux_kernel | net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. | 2021-06-14 | not yet calculated | CVE-2021-34693 MISC MLIST

linux -- linux_kernel | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. | 2021-06-17 | not yet calculated | CONFIRM MISC

lutils -- lutils | All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function. | 2021-06-17 | not yet calculated | CVE-2021-23396 MISC

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems. | 2021-06-14 | not yet calculated | CVE-2021-32684 MISC CONFIRM
mantisbt -- mantisbt | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | 2021-06-17 | not yet calculated | CONFIRM

matrix -- appservice-bridge | Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the 'roomUpgradeOpts' key when instantiating a new 'Bridge' instance.), any 'm.room.tombstone' event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room 'm.room.create' event is not checked to verify if the 'predecessor' field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the 'roomUpgradeOpts' key from the 'Bridge' class options. | 2021-06-16 | not yet calculated | CVE-2021-32659 MISC MISC CONFIRM

matrix -- libolm | Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution might be possible for some nonstandard build configurations. | 2021-06-16 | not yet calculated | CVE-2021-34813 MISC MISC MISC

mcusystem -- mcusystem | The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks. | 2021-06-18 | not yet calculated | CVE-2021-32536 MISC

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code. | 2021-06-17

moodle -- moodle | Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. | 2021-06-16 | not yet calculated | VE-2021-2264 MISC

moxa -- mgate_mb3180 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | not yet calculated | CVE-2021-33823 MISC MISC

moxa -- mgate_mb3180 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | 2021-06-18 | not yet calculated | MISC MISC


nedb -- nedb | This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor.prototype payload. | 2021-06-15 | not yet calculated | CVE-2021-23395 MISC

nextcloud -- android_app | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. | 2021-06-17 | not yet calculated | MISC CONFIRM MISC MISC

nextcloud -- android_app | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1. | 2021-06-17 | not yet calculated | CVE-2021-32695 MISC MISC CONFIRM

nextcloud -- talk | Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded to 9.0.10, 10.0.8 or 11.2.2. No workarounds for this vulnerability are known to exist. | 2021-06-16 | not yet calculated | CVE-2021-32676 CONFIRM MISC


octopus -- server | Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn't parameterised correctly. Exploiting this vulnerability could allow unauthorised access to database tables. | 2021-06-17 | not yet calculated | CVE-2021-31818 MISC

open_design_alliance -- drawings_sdk


An out-of-bounds write issue exists in the DWG file-reading 
procedure in the Drawings SDK (All versions prior to 2022.4) 
resulting from the lack of proper validation of user-supplied data. 
This can result in a write past the end of an allocated buffer and 
allow attackers to cause a denial-of-service condition or execute 
code in the context of the current process. 


2021-06-17 


not yet 
calculated 


CVE-2021-32948 
MISC 








open_design_alliance -- 
drawings_sdk 


An out-of-bounds read issue exists in the DWG file-recovering 
procedure in the Drawings SDK (All versions prior to 2022.4) 
resulting from the lack of proper validation of user-supplied data. 
This can result in a read past the end of an allocated buffer and 
allow attackers to cause a denial-of-service condition or read 
sensitive information from memory locations. 


2021-06-17 


not yet 
calculated 


CVE-2021-32940 
MISC 








open_design_alliance -- 
drawings_sdk 


An out-of-bounds read issue exists within the parsing of DXF files 
in the Drawings SDK (All versions prior to 2022.4) resulting from 
the lack of proper validation of user-supplied data. This can result 
in a read past the end of an allocated buffer and allows attackers 
to cause a denial-of-service condition or read sensitive 
information from memory locations. 


2021-06-17 


not yet 
calculated 


CVE-2021-32950 
MISC 








open_design_alliance -- 
drawings_sdk 


A use-after-free issue exists in the DGN file-reading procedure in 
the Drawings SDK (All versions prior to 2022.4) resulting from the 
lack of proper validation of user-supplied data. This can result in 
a memory corruption or arbitrary code execution, allowing 
attackers to cause a denial-of-service condition or execute code 
in the context of the current process. 


2021-06-17 


not yet 
calculated 





CVE-2021-32944 
MISC 





open_design_alliance -- 
drawings_sdk 


Drawings SDK (All versions prior to 2022.4) are vulnerable to an
out-of-bounds read due to parsing of DWG files resulting from the
lack of proper validation of user-supplied data. This can result in
a read past the end of an allocated buffer and allows attackers to
cause a denial-of-service condition or read sensitive information
from memory.


2021-06-17 


not yet 
calculated 


CVE-2021-32938 
MISC 








open_design_alliance -- 
drawings_sdk 


An improper check for unusual or exceptional conditions issue 
exists within the parsing DGN files from Drawings SDK (Version 
2022.4 and prior) resulting from the lack of proper validation of 
the user-supplied data. This may result in several of out-of- 
bounds problems and allow attackers to cause a denial-of-service 
condition or execute code in the context of the current process. 


2021-06-17 


not yet 
calculated 


CVE-2021-32946 
MISC 








open_design_alliance -- 
drawings_sdk 


An out-of-bounds write issue exists in the DGN file-reading 
procedure in the Drawings SDK (Version 2022.4 and prior) 
resulting from the lack of proper validation of user-supplied data. 
This can result in a write past the end of an allocated buffer and 
allow attackers to cause a denial-of-service condition or execute 
code in the context of the current process. 


2021-06-17 


not yet 
calculated 


CVE-2021-32952 
MISC 








open_design_alliance -- 
drawings_sdk 


An out-of-bounds write issue exists in the DXF file-recovering 
procedure in the Drawings SDK (All versions prior to 2022.4) 
resulting from the lack of proper validation of user-supplied data. 
This can result in a write past the end of an allocated buffer and 
allow attackers to cause a denial-of-service condition or execute 
code in the context of the current process. 


2021-06-17 


not yet 
calculated 





CVE-2021-32936 
MISC 





opencast -- opencast 


Opencast is a free and open source solution for automated video
capture and distribution. Versions of Opencast prior to 9.6 are
vulnerable to the billion laughs attack, which allows an attacker to
easily execute a (seemingly permanent) denial of service attack,
essentially taking down Opencast using a single HTTP request.
To exploit this, users need to have ingest privileges, limiting the
group of potential attackers. The problem has been fixed in
Opencast 9.6. There is no known workaround for this issue.


2021-06-16 


not yet 
calculated 


CVE-2021-32623 
MISC 
CONFIRM 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12719. 


2021-06-15 


not yet 
calculated 


CVE-2021-31491 
N/A 








opentext -- brava! 








This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop Build
16.6.4.55. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of PDF files. The
issue results from the lack of validating the existence of an object
prior to performing operations on the object. An attacker can
leverage this vulnerability to execute code in the context of the
current process. Was ZDI-CAN-13673.








2021-06-15 








not yet 
calculated 





CVE-2021-31502 
N/A 
opentext -- brava!


This vulnerability allows remote attackers to disclose sensitive
information on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DWG files. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated data
structure. An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of the
current process. Was ZDI-CAN-13310.


2021-06-15 


not yet 
calculated 


CVE-2021-31501 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the processing of DWG files. 
The issue results from the lack of validating the existence of an 
object prior to performing operations on the object. An attacker 
can leverage this vulnerability to execute code in the context of 
the current process. Was ZDI-CAN-13311. 


2021-06-15 


not yet 
calculated 


N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DXF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-13308. 


2021-06-15 


not yet 
calculated 


CVE-2021-31496 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DXF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a memory corruption condition. An
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13307. 


2021-06-15 


not yet 
calculated 


CVE-2021-31495 


CVE-2021-31497 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DXF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a memory corruption condition. An 
attacker can leverage this vulnerability to execute code in the 
context of the current process. Was ZDI-CAN-13304. 


2021-06-15 


not yet 
calculated 


CVE-2021-31493 
N/A 





opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DWF files. The
issue results from the lack of proper validation of user-supplied
data, which can result in a write past the end of an allocated
buffer. An attacker can leverage this vulnerability to execute code
in the context of the current process. Was ZDI-CAN-12720.


2021-06-15 


not yet 
calculated 


CVE-2021-31492 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DXF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-13305. 


2021-06-15 


not yet 
calculated 


CVE-2021-31494 
N/A 








opentext -- brava! 








This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of SLDPRT files.
The issue results from the lack of proper validation of a user-
supplied value prior to dereferencing it as a pointer. An attacker
can leverage this vulnerability to execute code in the context of
the current process. Was ZDI-CAN-12659.








2021-06-15 








not yet 
calculated 


CVE-2021-31481 
N/A 
opentext -- brava!


This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DWF files. The
issue results from the lack of proper validation of user-supplied
data, which can result in a write past the end of an allocated
buffer. An attacker can leverage this vulnerability to execute code
in the context of the current process. Was ZDI-CAN-12715.


2021-06-15 


not yet 
calculated 


CVE-2021-31487 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of the length of 
user-supplied data prior to copying it to a fixed-length heap- 
based buffer. An attacker can leverage this vulnerability to 
execute code in the context of the current process. Was ZDI- 
CAN-12711. 


2021-06-15 


not yet 
calculated 


CVE-2021-31485 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12710. 


2021-06-15 


not yet 
calculated 


N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of the length of 
user-supplied data prior to copying it to a fixed-length heap- 
based buffer. An attacker can leverage this vulnerability to 
execute code in the context of the current process. Was ZDI- 
CAN-12709. 


2021-06-15 


not yet 
calculated 


CVE-2021-31483 
N/A 


CVE-2021-31484 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12708. 


2021-06-15 


not yet 
calculated 


CVE-2021-31482 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DWF files. The
issue results from the lack of proper validation of a user-supplied
value prior to dereferencing it as a pointer. An attacker can
leverage this vulnerability to execute code in the context of the
current process. Was ZDI-CAN-12746.


2021-06-15 


not yet 
calculated 


CVE-2021-31500 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of PDF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12633. 


2021-06-15 


not yet 
calculated 


CVE-2021-31478 
N/A 








opentext -- brava! 








This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of PDF files. The 
issue results from the lack of proper initialization of a pointer prior 
to accessing it. An attacker can leverage this vulnerability to 
execute code in the context of the current process. Was ZDI- 
CAN-12634. 











2021-06-15 








not yet 
calculated 


CVE-2021-31479 
N/A 
opentext -- brava!


This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DXF files. The
issue results from the lack of proper validation of user-supplied
data, which can result in a type confusion condition. An attacker
can leverage this vulnerability to execute code in the context of
the current process. Was ZDI-CAN-12654.


2021-06-15 


not yet 
calculated 


CVE-2021-31480 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12716. 


2021-06-15 


not yet 
calculated 


CVE-2021-31488 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12745. 


2021-06-15 


not yet 
calculated 


CVE-2021-31499
N/A




opentext -- brava!


This vulnerability allows remote attackers to disclose sensitive
information on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability
in that the target must visit a malicious page or open a malicious
file. The specific flaw exists within the parsing of DWF files. The
issue results from the lack of proper validation of user-supplied
data, which can result in a read past the end of an allocated data
structure. An attacker can leverage this in conjunction with other
vulnerabilities to execute arbitrary code in the context of the
current process. Was ZDI-CAN-12744.


2021-06-15


not yet
calculated


CVE-2021-31498
N/A








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12717. 


2021-06-15 


not yet 
calculated 


CVE-2021-31489 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary
code on affected installations of OpenText Brava! Desktop
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12712. 


2021-06-15 


not yet 
calculated 


CVE-2021-31486 
N/A 








opentext -- brava! 


This vulnerability allows remote attackers to execute arbitrary 
code on affected installations of OpenText Brava! Desktop 
16.6.3.84. User interaction is required to exploit this vulnerability 
in that the target must visit a malicious page or open a malicious 
file. The specific flaw exists within the parsing of DWF files. The 
issue results from the lack of proper validation of user-supplied 
data, which can result in a write past the end of an allocated 
buffer. An attacker can leverage this vulnerability to execute code 
in the context of the current process. Was ZDI-CAN-12718. 


2021-06-15 


not yet 
calculated 


CVE-2021-31490 
N/A 








otrs -- ag_community_edition 








DoS attack can be performed when an email contains specially 
designed URL in the body. It can lead to the high CPU usage and 
cause low quality of service, or in extreme case bring the system 
to a halt. This issue affects: OTRS AG ((OTRS)) Community 
Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 
7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and
prior versions.








2021-06-14 








not yet 
calculated 


CVE-2021-21439 
MISC 
otrs -- ag_community_edition


There is a XSS vulnerability in the ticket overview screens. It's
possible to collect various information by having an e-mail shown
in the overview screen. Attack can be performed by sending
specially crafted e-mail to the system and it doesn't require any
user interaction. This issue affects: OTRS AG ((OTRS))
Community Edition 6.0.x version 6.0.1 and later versions. OTRS
AG OTRS 7.0.x version 7.0.26 and prior versions.


2021-06-16 


not yet 
calculated 


CVE-2021-21441 
MISC 








pagekit -- pagekit 


In PageKit v1.0.18, a user can upload SVG files in the file upload 
portion of the CMS. These SVG files can contain malicious 
scripts. This file will be uploaded to the system and it will not be 
stripped or filtered. The user can create a link on the website 
pointing to "/storage/exp.svg" that will point to 
http://localhost/pagekit/storage/exp.svg. When a user comes 
along to click that link, it will trigger a XSS attack. 


2021-06-16 


not yet 
calculated 


CVE-2021-32245 
MISC 








peloton -- ttr01 


Insufficient verification of data authenticity in Peloton TTR01 up to
and including PTV55G allows an attacker with physical access to 
boot into a modified kernel/ramdisk without unlocking the 
bootloader. 


2021-06-15 


not yet 
calculated 


CVE-2021-33887 
MISC 
MISC 
MISC 








phpcms -- phpcms 


phpCMS 2008 sp4 allows remote malicious users to execute
arbitrary php commands via the pagesize parameter to 
yp/product.php. 


2021-06-16 


not yet 
calculated 


CVE-2020-22201 
MISC 





phpcms -- phpcms 


SQL Injection in phpCMS 2008 sp4 via the genre parameter to
yp/job.php.


2021-06-16


not yet
calculated


CVE-2020-22203 
MISC 





phpcms -- phpcms 


SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via
the digg_mod parameter to digg_add.php.


2021-06-16 


not yet 
calculated 


CVE-2020-22199 
MISC 








phpmailer -- phpmailer 


PHPMailer before 6.5.0 on Windows allows remote code 
execution if lang_path is untrusted data and has a UNC 
pathname. 


2021-06-16 


not yet 
calculated 


CVE-2021-34551 
CONFIRM 








phpmailer -- phpmailer 


PHPMailer 6.4.1 and earlier contain a vulnerability that can result 
in untrusted code being called (if such code is injected into the 
host project's scope by other means). If the $patternselect 
parameter to validateAddress() is set to 'php' (the default, defined 
by PHPMailer::$validator), and the global namespace contains a 
function called php, it will be called in preference to the built-in 
validator of the same name. Mitigated in PHPMailer 6.5.0 by 
denying the use of simple strings as validator function names. 


2021-06-17 


not yet 
calculated 


CVE-2021-3603 








qemu -- qemu 


An invalid pointer initialization issue was found in the SLIRP 
networking implementation of QEMU. The flaw exists in the 
udp6_input() function and could occur while processing a udp 
packet that is smaller than the size of the 'udphdr' structure. This 
issue may lead to out-of-bounds read access or indirect host 
memory disclosure to the guest. The highest threat from this 
vulnerability is to data confidentiality. This flaw affects libslirp 
versions prior to 4.6.0. 


2021-06-15 


not yet 
calculated 


CVE-2021-3593 
MISC 





qemu -- qemu 


An invalid pointer initialization issue was found in the SLIRP 
networking implementation of QEMU. The flaw exists in the 
bootp_input() function and could occur while processing a udp 
packet that is smaller than the size of the 'bootp_t' structure. A 
malicious guest could use this flaw to leak 10 bytes of 
uninitialized heap memory from the host. The highest threat from 
this vulnerability is to data confidentiality. This flaw affects libslirp 
versions prior to 4.6.0. 


2021-06-15 


not yet 
calculated 





CVE-2021-3592 
MISC 








qemu -- qemu 


An invalid pointer initialization issue was found in the SLIRP 
networking implementation of QEMU. The flaw exists in the 
udp_input() function and could occur while processing a udp 
packet that is smaller than the size of the 'udphdr' structure. This 
issue may lead to out-of-bounds read access or indirect host 
memory disclosure to the guest. The highest threat from this 
vulnerability is to data confidentiality. This flaw affects libslirp 
versions prior to 4.6.0. 


2021-06-15 


not yet 
calculated 


CVE-2021-3594 
MISC 








qemu -- qemu 











An invalid pointer initialization issue was found in the SLIRP 
networking implementation of QEMU. The flaw exists in the 
tftp_input() function and could occur while processing a udp 
packet that is smaller than the size of the 'tftp_t' structure. This 
issue may lead to out-of-bounds read access or indirect host 
memory disclosure to the guest. The highest threat from this 
vulnerability is to data confidentiality. This flaw affects libslirp 
versions prior to 4.6.0. 


qnap -- nas


Insecure storage of sensitive information has been reported to
affect QNAP NAS running myQNAPcloud Link. If exploited, this
vulnerability allows remote attackers to read sensitive information
by accessing the unrestricted storage mechanism. This issue
affects: QNAP Systems Inc. myQNAPcloud Link versions prior to
2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero
h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4.


2021-06-16


not yet
calculated


CVE-2021-28815
CONFIRM




quassel -- quassel


Quassel through 0.13.1, when --require-ssl is enabled, launches
without SSL or TLS support if a usable X.509 certificate is not
found on the local system.


2021-06-17


not yet
calculated


CVE-2021-34825
MISC




rapid7 -- nexpose


Rapid7 Nexpose is vulnerable to a non-persistent cross-site
scripting vulnerability affecting the Security Console's Filtered
Asset Search feature. A specific search criterion and operator
combination in Filtered Asset Search could have allowed a user
to pass code through the provided search field. This issue affects
version 6.6.80 and prior, and is fixed in 6.6.81. If your Security
Console currently falls on or within this affected version range,
ensure that you update your Security Console to the latest
version.


2021-06-16


not yet
calculated


CVE-2021-3535
CONFIRM




receita -- federal_irpf


Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack
against the update feature.


2021-06-12


not yet
calculated


CVE-2021-34682
MISC





restund -- restund


Restund is an open source NAT traversal server. The restund
TURN server can be instructed to open a relay to the loopback
address range. This allows you to reach any other service
running on localhost which you might consider private. In the
configuration that we ship
(https://github.com/wireapp/ansible-restund/blob/master/templates/restund.conf.j2#L40-L43)
the `status` interface of restund is enabled and is listening on
`127.0.0.1`. The `status` interface allows users to issue
administrative commands to `restund` like listing open relays or
draining connections. It would be possible for an attacker to
contact the status interface and issue administrative commands
by setting `XOR-PEER-ADDRESS` to
`127.0.0.1:{{restund_udp_status_port}}` when opening a TURN
channel. We now explicitly disallow relaying to loopback
addresses, 'any' addresses, link local addresses, and the
broadcast address. As a workaround disable the `status` module
in your restund configuration. However there might still be other
services running on `127.0.0.0/8` that you do not want to have
exposed. The `turn` module can be disabled. Restund will still
perform STUN and this might already be enough for initiating calls
in your environments. TURN is only used as a last resort when
other NAT traversal options do not work. One should also make
sure that the TURN server is set up with firewall rules so that it
cannot relay to other addresses that you don't want the TURN
server to relay to. For example other services in the same VPC
where the TURN server is running. Ideally TURN servers should
be deployed in an isolated fashion where they can only reach
what they need to reach to perform their task of assisting
NAT-traversal.


2021-06-11


not yet
calculated


CVE-2021-21382
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC


riot -- riot-os


RIOT-OS 2021.01 before commit
bc59d60be60dfc0a05def57d74985371e4f22d79 contains a buffer
overflow which could allow attackers to obtain sensitive
information.


2021-06-18


not yet
calculated


CVE-2021-31663
MISC
MISC
CONFIRM




riot -- riot-os


RIOT-OS 2021.01 before commit
071254d8537497552e7dce80364aaead9266bbe contains a
buffer overflow which could allow attackers to obtain sensitive
information.


2021-06-18


not yet
calculated


CVE-2021-31662
CONFIRM
MISC




riot -- riot-os


RIOT-OS 2021.01 before commit
609c9ada34da5546cffb632a98b7ba157c112658 contains a
buffer overflow that could allow attackers to obtain sensitive
information.


2021-06-18


not yet
calculated


CVE-2021-31661
MISC
CONFIRM




riot -- riot-os


RIOT-OS 2021.01 before commit
85da504d2dc30188b89144c32761c5a25b31251f contains a buffer
overflow which could allow attackers to obtain sensitive
information.


not yet
calculated


CONFIRM




riot -- riot-os


RIOT-OS 2021.01 before commit
44741ff99f7a71df45420635b238b9c22093647a contains a buffer
overflow which could allow attackers to obtain sensitive
information.


2021-06-18


not yet
calculated


MISC
CONFIRM




roanwiz -- dext5editor


Parameter manipulation can bypass authentication to cause file
upload and execution. This will execute the remote code. This
issue affects: Raonwiz DEXT5Editor versions prior to
3.5.1405747.1100.03.


2021-06-15


not yet
calculated


CVE-2020-7864
MISC
safenet -- keysecure_management_console


SafeNet KeySecure Management Console 8.12.0 is vulnerable to
HTTP response splitting attacks. A remote attacker could exploit
this vulnerability using specially-crafted URL to cause the server
to return a split response, once the URL is clicked.


2021-06-16


not yet
calculated


CVE-2021-28979
MISC
MISC
MISC




sap -- netweaver_abap_server


SAP NetWeaver ABAP Server and ABAP Platform, versions -
700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does
not create information about internal and external RFC user in
consistent and distinguished format, which could lead to improper
authentication and may be exploited by malicious users to obtain
illegitimate access to the system.


2021-06-16


not yet
calculated


CVE-2021-27610
MISC
MISC




Secure 8 (Evalos) does not validate user input data correctly,
allowing a remote attacker to perform a Blind SQL Injection. An
attacker could exploit this vulnerability in order to extract
information of users and administrator accounts stored in the
database.


2021-06-18


not yet
calculated


CVE-2021-3604
CONFIRM
CONFIRM




sentinel -- ldk_run-time_environment


The Sentinel LDK Run-Time Environment installer (Versions 7.6
and prior) adds a firewall rule named “Sentinel License Manager”
that allows incoming connections from private networks using
TCP Port 1947. While uninstalling, the uninstaller fails to close
Port 1947.


2021-06-16


not yet
calculated




serenityos -- serenityos


SerenityOS before commit
3844e8569689dd476064a0759d704bc64fb3ca2c contains a
directory traversal vulnerability in tar/unzip that may lead to
command execution or privilege escalation.


2021-06-18


not yet
calculated


MISC
MISC
CONFIRM




serenityos -- test-crypto.cpp


SerenityOS in test-crypto.cpp contains a stack buffer overflow
which could allow attackers to obtain sensitive information.


2021-06-18


not yet
calculated


CVE-2021-33186
CONFIRM




SerenityOS contains a buffer overflow in the set_range test in
TestBitmap which could allow attackers to obtain sensitive
information.


2021-06-18


not yet
calculated


CONFIRM




sinamics -- sm@rtserver


SINAMICS medium voltage routable products are affected by a
vulnerability in the Sm@rtServer component for remote access
that could allow an unauthenticated attacker to cause a denial-of-
service condition, and/or execution of limited configuration
modifications and/or execution of limited control commands on
the SINAMICS Medium Voltage Products, Remote Access
(SINAMICS SL150: All versions, SINAMICS SM150: All versions,
SINAMICS SM150i: All versions).


2021-06-15


not yet
calculated


CVE-2021-27388
MISC
sing4g -- 4gee_router_hh70vb_version_hh70_e1_02.00_22


An issue was discovered on 4GEE ROUTER HH70VB Version
HH70_E1_02.00_22. Attackers can use slowhttptest tool to send
incomplete HTTP request, which could make server keep waiting
for the packet to finish the connection, until its resource
exhausted. Then the web server is denial-of-service.


2021-06-18


not yet
calculated


MISC
MISC




slim -- nfc_70_10.01_devices


Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler
attack in which attackers can predict TOTP passwords in certain
situations. The time value used by the device can be set
independently from the used seed value for generating time-
based one-time passwords, without authentication. Thus, an
attacker with short-time physical access to a device can set the
internal real-time clock (RTC) to the future, generate one-time
passwords, and reset the clock to the current time. This allows
the generation of valid future time-based one-time passwords
without having further access to the hardware token.


2021-06-16


not yet
calculated


CVE-2021-32033
MISC
FULLDISC




sonatype -- nexus_repository_manager


Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a
remote authenticated attacker to get a list of blob files and read
the content of a blob file (via a GET request) without having been
granted access.


2021-06-18


not yet
calculated


CVE-2021-34553
CONFIRM




sonicos -- sonicos


A buffer overflow vulnerability in SonicOS allows a remote
attacker to cause a Denial of Service (DoS) by sending a
specially crafted request. This vulnerability affects SonicOS
Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.


2021-06-14


not yet
calculated


CVE-2021-20027
CONFIRM




sourcecodester -- alumni_management_system


SQL injection vulnerability in SourceCodester Alumni
Management System 1.0 allows the user to inject SQL payload to
bypass the authentication via admin/login.php.


2021-06-15


not yet
calculated


EXPLOIT-DB




sourcecodester -- alumni_management_system


A Cross Site Scripting in SourceCodester Employee
Management System 1.0 allows the user to execute alert
messages via /Employee Management System/addemp.php on
admin account.


2021-06-15


not yet
calculated


CVE-2020-29215
EXPLOIT-DB




stampit -- supermixer


Prototype pollution in Stampit supermixer 1.0.3 allows an attacker
to modify the prototype of a base object which can vary in
severity depending on the implementation.


2021-06-16


not yet
calculated


CVE-2020-24939
CONFIRM
CONFIRM
MISC
striptags -- striptags


The npm package "striptags" is an implementation of PHP's
strip_tags in Typescript. In striptags before version 3.2.0, a type-
confusion vulnerability can cause `striptags` to concatenate
unsanitized strings when an array-like object is passed in as the
`html` parameter. This can be abused by an attacker who can
control the shape of their input, e.g. if query parameters are
passed directly into the function. This can lead to a XSS.


2021-06-18


not yet
calculated


CVE-2021-32696
MISC
MISC
CONFIRM
MISC




studio-42 -- elfinder


The package studio-42/elfinder before 2.1.58 are vulnerable to
Remote Code Execution (RCE) via execution of PHP code in a
.phar file. NOTE: This only applies if the server parses .phar files
as PHP.


2021-06-13


not yet
calculated


CONFIRM
CONFIRM
CONFIRM




sylabs -- singularity


Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before
3.5-8, has an Incorrect Check of a Function's Return Value.


2021-06-15


not yet
calculated


MISC




symfony -- symfony


Symfony is a PHP framework for web and console applications
and a set of reusable PHP components. A vulnerability related to
firewall authentication is in Symfony starting with version 5.3.0
and prior to 5.3.2. When an application defines multiple firewalls,
the token authenticated by one of the firewalls was available for
all other firewalls. This could be abused when the application
defines different providers for each part of the application, in such
a situation, a user authenticated on a part of the application could
be considered authenticated on the rest of the application.
Starting in version 5.3.2, a patch ensures that the authenticated
token is only available for the firewall that generates it.


2021-06-17


not yet
calculated


CVE-2021-32693
MISC
CONFIRM
MISC
MISC
synology -- calendar


Use of hard-coded credentials vulnerability in php component in
Synology Calendar before 2.4.0-0761 allows remote attackers to
obtain sensitive information via unspecified vectors.


2021-06-18


not yet
calculated


CONFIRM




synology -- download_station


Server-Side Request Forgery (SSRF) vulnerability in task
management component in Synology Download Station before
3.8.16-3566 allows remote authenticated users to access intranet
resources via unspecified vectors.


not yet
calculated


CVE-2021-34811
CONFIRM




synology -- download_station


Improper neutralization of special elements used in a command
('Command Injection') vulnerability in task management
component in Synology Download Station before 3.8.16-3566
allows remote authenticated users to execute arbitrary code via
unspecified vectors.


2021-06-18


not yet
calculated


CVE-2021-34809
CONFIRM




synology -- download_station


Improper privilege management vulnerability in cgi component in
Synology Download Station before 3.8.16-3566 allows remote
authenticated users to execute arbitrary code via unspecified
vectors.


2021-06-18


not yet
calculated


CVE-2021-34810
CONFIRM




synology -- media_server


Server-Side Request Forgery (SSRF) vulnerability in cgi
component in Synology Media Server before 1.8.3-2881 allows
remote attackers to access intranet resources via unspecified
vectors.


2021-06-18


not yet
calculated


CVE-2021-34808
CONFIRM




teamviewer -- teamviewer


TeamViewer before 14.7.48644 on Windows loads untrusted
DLLs in certain situations.


2021-06-16


not yet
calculated


CVE-2021-34803
MISC




tenvoy -- tenvoy


tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the
browser (hashing, random, encryption, decryption, signatures,
conversions), used by TogaTech.org. In versions prior to 7.0.3,
the `verifyWithMessage` method of `tEnvoyNaClSigningKey`
always returns `true` for any signature that has a SHA-512 hash
matching the SHA-512 hash of the message even if the signature
was invalid. This issue is patched in version 7.0.3. As a
workaround: In `tenvoy.js` under the `verifyWithMessage` method
definition within the `tEnvoyNaClSigningKey` class, ensure that
the return statement call to `this.verify` ends in `.verified`.


2021-06-16


not yet
calculated


CVE-2021-32685
MISC
MISC
CONFIRM




thycotic -- password_reset_server


Thycotic Password Reset Server before 5.3.0 allows credential
disclosure.


2021-06-11


not yet
calculated


CVE-2021-34679
MISC




tp-link -- tl-wpa4220


TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not
use SSL by default. Attacker on the local network can monitor
traffic and capture the cookie and other sensitive information.


2021-06-15


not yet
calculated


MISC




tp-link -- tl-wpa4220


TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064
username and password are sent via the cookie.


2021-06-15


not yet
calculated


CVE-2021-28857
MISC




trend_micro -- interscan_web_security_virtual_appliance


Trend Micro InterScan Web Security Virtual Appliance version 6.5
was found to have a reflected cross-site scripting (XSS)
vulnerability in the product's Captive Portal.


2021-06-17


not yet
calculated
trendnet -- tw100-s4w1ca


In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper
session controls, a threat actor could make unauthorized
changes to an affected router via a specially crafted web page. If
an authenticated user were to interact with a malicious web page
it could allow for a complete takeover of the router.


2021-06-17


not yet
calculated


MISC




trendnet -- tw100-s4w1ca


In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject
arbitrary JavaScript into the router's web interface via the "echo"
command.


2021-06-17


not yet
calculated


CVE-2021-32426
MISC




ubuntu -- ubuntu


It was discovered that the get_modified_conffiles() function in
backends/packaging-apt-dpkg.py allowed injecting modified
package names in a manner that would confuse the dpkg(1) call.


2021-06-12


not yet
calculated




unegg -- unegg


UnEGG v0.5 and earlier versions have a Integer overflow
vulnerability, triggered when the user opens a malformed specific
file that is mishandled by UnEGG. Attackers could exploit this
and arbitrary code execution. This issue affects: Estsoft UnEGG
0.5 versions prior to 1.0 on linux.


2021-06-11


not yet
calculated


MISC




unifi_protect -- g3_flex_camera_version


An issue was discovered in UniFi Protect G3 FLEX Camera
Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to
send incomplete HTTP request, which could make server keep
waiting for the packet to finish the connection, until its resource
exhausted. Then the web server is denial-of-service.


2021-06-18


not yet
calculated


MISC
MISC




unifi_protect -- g3_flex_camera_version


An issue was discovered in UniFi Protect G3 FLEX Camera
Version UVC.v4.30.0.67. Attacker could send a huge amount of
TCP SYN packet to make web service's resource exhausted.
Then the web server is denial-of-service.


2021-06-18


not yet
calculated


CVE-2021-33820
MISC
MISC
MISC




Valine 1.4.14 allows remote attackers to cause a denial of service
(application outage) by supplying a ua (aka User-Agent) value
that only specifies the product and version.


2021-06-16


not yet
calculated


MISC
veryfitpro -- veryfitpro


The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for
Android does all communication with the backend API over
cleartext HTTP. This includes logins, registrations, and password
change requests. This allows information theft and account
takeover via network sniffing.


2021-06-16


not yet
calculated


CVE-2021-32612
MISC
MISC
MISC
FULLDISC




vmware -- tools


VMware Tools for Windows (11.x.y prior to 11.3.0) contains a
denial-of-service vulnerability in the VM3DMP driver. A malicious
actor with local user privileges in the Windows guest operating
system, where VMware Tools is installed, can trigger a PANIC in
the VM3DMP driver leading to a denial-of-service condition in the
Windows guest operating system.


2021-06-18


not yet
calculated


CVE-2021-21997
MISC




wagtail -- wagtail


Wagtail is an open source content management system built on
Django. A cross-site scripting vulnerability exists in versions 2.13-
2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When
the `{% include_block %}` template tag is used to output the
value of a plain-text StreamField block (`CharBlock`, `TextBlock`
or a similar user-defined block derived from `FieldBlock`), and
that block does not specify a template for rendering, the tag
output is not properly escaped as HTML. This could allow users
to insert arbitrary HTML or scripting. This vulnerability is only
exploitable by users with the ability to author StreamField content
(i.e. users with 'editor' access to the Wagtail admin). Patched
versions have been released as Wagtail 2.11.8 (for the LTS 2.11
branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13
branch). As a workaround, site implementors who are unable to
upgrade to a current supported version should audit their use of
`{% include_block %}` to ensure it is not used to output
`CharBlock` / `TextBlock` values with no associated template.
Note that this only applies where `{% include_block %}` is used
directly on that block (uses of `include_block` on a block
_containing_ a CharBlock / TextBlock, such as a StructBlock, are
unaffected). In these cases, the tag can be replaced with
Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block
%}` becomes `{{ my_title_block }}`.


2021-06-17


not yet
calculated


CVE-2021-32681
MISC
MISC
CONFIRM
MISC




wbu-systems -- codemeter


A buffer over-read vulnerability exists in Wibu-Systems
CodeMeter versions < 7.21a. An unauthenticated remote attacker
can exploit this issue to disclose heap memory contents or crash
the CodeMeter Runtime Server.


2021-06-16


not yet
calculated


CVE-2021-20093
MISC
MISC




wbu-systems -- codemeter


A denial of service vulnerability exists in Wibu-Systems
CodeMeter versions < 7.21a. An unauthenticated remote attacker
can exploit this issue to crash the CodeMeter Runtime Server.


2021-06-16


not yet
calculated


CVE-2021-20094
MISC
MISC
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wire-webapp is the web version of Wire, an open-source 
messenger. A cross-site scripting vulnerability exists in wire- 
webapp prior to version 2021-06-01-production.0. If a user is 
instructed to open an image in a new tab (right click -> open in 
new tab, or copy the URL and paste it in the URL bar), an the 
wire -- wire image payload is executed on the domain hosting the app 2021-06-15 not yet Hee 
(app.wire.com). In particular, if an image contains malicious code calculated CONFIRM 
in addition to the actual picture, this code is executed on as 
app.wire.com. This allows the attacker to fully control the user 
account. The vulnerability was patched in version 2021-06-01- 
production.0. As a workaround, users should not try to open 
image URLs. 
wordpress -- wordpress | This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector. | 2021-06-14 | not yet calculated | CVE-2021-24349 CONFIRM
wordpress -- wordpress | The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP". | 2021-06-14 | not yet calculated | CVE-2021-24347 CONFIRM
wordpress -- wordpress | The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. | 2021-06-14 | not yet calculated | CVE-2021-24346 CONFIRM MISC
wordpress -- wordpress | In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability checks and insufficient nonce check on the AJAX actions, simple301redirects/admin/get_wildcard and simple301redirects/admin/wildcard, made it possible for authenticated users to retrieve and update the wildcard value for redirects. | 2021-06-14 | not yet calculated | CVE-2021-24355 CONFIRM MISC
wordpress -- wordpress | The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects. | 2021-06-14 | not yet calculated | CVE-2021-24353 CONFIRM MISC
wordpress -- wordpress | In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability checks and insufficient nonce check on the AJAX action, simple301redirects/admin/activate_plugin, made it possible for authenticated users to activate arbitrary plugins installed on vulnerable sites. | 2021-06-14 | not yet calculated | MISC
wordpress -- wordpress | The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. | 2021-06-14 | not yet calculated | CVE-2021-24352 CONFIRM MISC
wordpress -- wordpress | The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed. | 2021-06-14 | not yet calculated | CVE-2021-24382 CONFIRM MISC
wordpress -- wordpress | When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the year_number and month_number POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. | 2021-06-14 | not yet calculated | CVE-2021-24341 CONFIRM MISC
wordpress -- wordpress | The menu delete functionality of the Side Menu – add fixed side buttons WordPress plugin before 3.1.5, available to Administrator users, takes the did GET parameter and uses it in an SQL statement without proper sanitisation, validation or escaping, therefore leading to a SQL Injection issue. | 2021-06-14 | not yet calculated | CVE-2021-24348 CONFIRM MISC
wordpress -- wordpress | The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and | 2021-06-14 | not yet calculated | CVE-2021-24351 MISC CONFIRM
function "unzzip_cat_file".

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
wordpress -- wordpress | A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites. | 2021-06-14 | not yet calculated | CVE-2021-24354 CONFIRM MISC
wordpress -- wordpress | The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users, does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection. | 2021-06-14 | not yet calculated | CVE-2021-24345 CONFIRM MISC
wowonder -- wowonder | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. | 2021-06-11 | not yet calculated | CVE-2021-27200 MISC MISC MISC
zettlr -- zettlr | No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | 2021-06-18 | not yet calculated | CVE-2021-26835 MISC MISC
znote -- znote | A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | 2021-06-18 | not yet calculated | CVE-2021-26834 MISC MISC
zoho -- manageengine_password_manager | In Zoho ManageEngine Password Manager Pro before 11.1 build 161@4, attackers are able to retrieve credentials via a browser extension for non-website resource types. | 2021-06-16 | not yet calculated | CVE-2021-31857 MISC CONFIRM
zoho -- manageengine_servicedesk_plus | Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. | 2021-06-16 | not yet calculated | CVE-2021-31159 CONFIRM MISC MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information. | 2021-06-16 | not yet calculated | MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | 2021-06-16 | not yet calculated | CVE-2021-27479 MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | 2021-06-16 | not yet calculated | CVE-2021-27481 MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. | 2021-06-16 | not yet calculated | CVE-2021-27483 MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser. | 2021-06-16 | not yet calculated | CVE-2021-27485 MISC
zoll -- defibrillator_dashboard | ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands. | 2021-06-16 | not yet calculated | CVE-2021-27489 MISC
zrlog -- zrlog | A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. | 2021-06-15 | not yet calculated | CVE-2020-21316 MISC MISC MISC
zziplib | Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the | 2021-06-18